[pfx] Re: SSL_accept error for smtpd

2024-06-10 Thread Viktor Dukhovni via Postfix-users
On Tue, Jun 11, 2024 at 09:55:56AM +0800, Jeff Peng via Postfix-users wrote: > Jun 11 01:52:16 tls-mail postfix/smtpd[67409]: warning: > TLS library problem:error:1417A0C1:SSL routines: > tls_post_process_client_hello:no shared cipher: > ../ssl/statem/statem_srvr.c:2283: > Jun 11 01:52:16 tls-mail

[pfx] Re: Sanity check/suggestions appreciated

2024-06-10 Thread Noel Jones via Postfix-users
On 6/10/2024 12:10 PM, Gilgongo via Postfix-users wrote: On Mon, 10 Jun 2024 at 12:58, Matus UHLAR - fantomas via Postfix-users > wrote: 3. smtpd_recipient_restrictions = permit_mx_backup avoid this whenever possible. Or at least define permit

[pfx] DKIM policy question

2024-06-10 Thread Jeff Peng via Postfix-users
Hello, SPF and DMARC have a policy to reject a message. My question is, why does DKIM have no choice for rejecting messages? For example, if a DKIM signature fails, where do I instruct that this message be rejected? Thank you. ___ Postfix-users mailing list -- p

[pfx] Re: SSL_accept error for smtpd

2024-06-10 Thread Jeff Peng via Postfix-users
Thanks Wietse. The request is not made by our client, so I am safe to ignore the error. If this does not happen with a legitimate client, then this could be someone who is looking for trouble (they failed) and you can ignore the problem.

[pfx] Re: SSL_accept error for smtpd

2024-06-10 Thread Wietse Venema via Postfix-users
Jeff Peng via Postfix-users: > Hello > > what's this error in mail.log? > > Jun 11 01:52:15 tls-mail postfix/smtpd[67409]: connect from > unknown[172.210.47.140] > Jun 11 01:52:16 tls-mail postfix/smtpd[67409]: SSL_accept error from > unknown[172.210.47.140]: -1 > Jun 11 01:52:16 tls-mail postf

[pfx] SSL_accept error for smtpd

2024-06-10 Thread Jeff Peng via Postfix-users
Hello what's this error in mail.log? Jun 11 01:52:15 tls-mail postfix/smtpd[67409]: connect from unknown[172.210.47.140] Jun 11 01:52:16 tls-mail postfix/smtpd[67409]: SSL_accept error from unknown[172.210.47.140]: -1 Jun 11 01:52:16 tls-mail postfix/smtpd[67409]: warning: TLS library problem

[pfx] Re: Sanity check/suggestions appreciated

2024-06-10 Thread Gilgongo via Postfix-users
On Mon, 10 Jun 2024 at 12:58, Matus UHLAR - fantomas via Postfix-users < postfix-users@postfix.org> wrote: > > 3. > smtpd_recipient_restrictions = permit_mx_backup > > avoid this whenever possible. Or at least define permit_mx_backup_networks > > Thanks - I forgot to ask about this. Am I right in

[pfx] Re: Sanity check/suggestions appreciated

2024-06-10 Thread Bill Cole via Postfix-users
On 2024-06-10 at 10:34:09 UTC-0400 (Mon, 10 Jun 2024 16:34:09 +0200) Matus UHLAR - fantomas via Postfix-users is rumored to have said: >>> On Mon, 10 Jun 2024, 12:37 pm Jeff Peng via Postfix-users, < >>> postfix-users@postfix.org> wrote: why not postscreen for this purpose? > >> On 2024-06-1

[pfx] Re: Sanity check/suggestions appreciated

2024-06-10 Thread Matus UHLAR - fantomas via Postfix-users
On Mon, 10 Jun 2024, 12:37 pm Jeff Peng via Postfix-users, < postfix-users@postfix.org> wrote: why not postscreen for this purpose? On 2024-06-10 at 09:35:25 UTC-0400 (Mon, 10 Jun 2024 14:35:25 +0100) Gilgongo via Postfix-users is rumored to have said: Thanks - I thought about postscreen, bu

[pfx] Re: Sanity check/suggestions appreciated

2024-06-10 Thread Bill Cole via Postfix-users
On 2024-06-10 at 09:35:25 UTC-0400 (Mon, 10 Jun 2024 14:35:25 +0100) Gilgongo via Postfix-users is rumored to have said: On Mon, 10 Jun 2024, 12:37 pm Jeff Peng via Postfix-users, < postfix-users@postfix.org> wrote: why not postscreen for this purpose? Thanks - I thought about postscreen,

[pfx] Re: Sanity check/suggestions appreciated

2024-06-10 Thread Gilgongo via Postfix-users
On Mon, 10 Jun 2024, 12:37 pm Jeff Peng via Postfix-users, < postfix-users@postfix.org> wrote: > why not postscreen for this purpose? > Thanks - I thought about postscreen, but wasn't sure if it would be overkill for such a small server? Could look again though.

[pfx] Re: Sanity check/suggestions appreciated

2024-06-10 Thread Matus UHLAR - fantomas via Postfix-users
On 10.06.24 12:27, Gilgongo via Postfix-users wrote: Hi - I've got a small mail server (~50 users) and our Postfix (3.6.4) config is pretty old and confusing, and may not be doing things we want. So I'd like to re-jig it. Here's how I think I'd like to have it: 1. Incoming mail (not from $mynetw

[pfx] Re: Sanity check/suggestions appreciated

2024-06-10 Thread Jeff Peng via Postfix-users
why not postscreen for this purpose? BTW I'm using a script (policyd.pl) that does weighted scoring for RBLs (as well as SPF), which I'd prefer rather than doing that with Postfix directly.

[pfx] Sanity check/suggestions appreciated

2024-06-10 Thread Gilgongo via Postfix-users
Hi - I've got a small mail server (~50 users) and our Postfix (3.6.4) config is pretty old and confusing, and may not be doing things we want. So I'd like to re-jig it. Here's how I think I'd like to have it: 1. Incoming mail (not from $mynetworks or sasl auth): RBL, SPF/DKIM verification and SA (